JOSSO

Query string causing Segmentation fault and core dump.

Details

  • Type: Bug
  • Status: Closed
  • Priority: Critical
  • Resolution: Cannot Reproduce
  • Affects Version/s: JOSSO 1.8.2
  • Fix Version/s: None
  • Component/s: Apache HTTP 2.2 Agent
  • Description:
    This environment works very well with exception of the following error.

    Problem:
    1) Open a new browser. Both Firefox and IE display the same issue. (Very important that this is a new browser session.)
    2) Browse directly to a URL with a query string
       E.G. http://localhost/myApp/myPath/myServlet?String1=Value1
    3) Firefox will display a blank screen while IE will display an error.

    The following message appears in the error_log file:
    [Mon Mar 29 09:29:07 2010] [notice] child pid 11764 exit signal Segmentation fault (11), possible coredump in /tmp/

    The core dump states:
    Core was generated by `/usr/share/apache-httpd-2.2.14/bin/httpd -k start'.
    Program terminated with signal 11, Segmentation fault.
    #0 0x005d569e in apr_array_pstrcat (p=0x9409158, arr=0x0, sep=44 ',') at tables/apr_tables.c:237
    237 tables/apr_tables.c: No such file or directory.
    in tables/apr_tables.c


    The following scenarios work correctly.
    1) Open a new browser.
    2) Browse directly to a URL without a query string
       E.G. http://localhost/myApp/myPath/myServlet
    3) No issue, works as expected.


    1) Open a new browser. Both Firefox and IE display the same issue. (Very important that this is a new browser session.)
    2) Browse directly to a URL with a query string
       E.G. http://localhost/myApp/myPath/myServlet?String1=Value1
    3) Firefox will display a blank screen while IE will display an error.
       Note: The URL is rewritten as http://localhost/myApp/myPath/myServlet?String1=Value1/josso_security_check
    4) Delete the "/josso_security_check" off the end of the URL and resubmit the request. We are basically going back to the URL using an existing session instead of a new session.
    5) No issue, works as expected.
  • Environment:
    The Agent is located on: Apache Httpd-2.2.14
    The Gateway is located on: Apache Tomcat-5.5.28
    Using mod_jk-1.2.28-httpd-2.2.X in order to mount the gateway
       E.G. JkMount /josso/* localTC

Activity

Goran Nastov added a comment - 12/Apr/10 6:52 PM
This issue is related to issue JOSSO-202 and it's probably fixed. Please see my comment on JOSSO-202 and, if you can, give me some feedback regarding this before I resolve it.
Eric Blix added a comment - 14/Apr/10 12:13 PM
We identified the issue to be in (josso-apache22-agent-1.8.1/mod_auth_josso/mod_auth_josso.c) the function form_value(), apr_hash_get() is returning null and assigning it to v_arr. The core-dump occurs when the null v_arr argument is passed to apr_array_pstrcat(). One of our developers added some debug code to form_value() to analyse the contents of the variable 'form' (type: apr_hash_t *). The 'form' hash only contains a single entry with key value of 'String1', where 'String1' is the field name in the query string. According to him it appears to detect that it needs to login, but appears to fail when redirected to the login servlet.

In our environment I physically tested both josso-1.8.1 and josso-1.8.2-r1573. Both versions had the same issue. I visually compared four different versions, josso-1.8.1, josso-1.8.2-r1573, branches/JOSSO_1_8_2_B, and branches/JOSSO_1_9_0_B.

For the focus of this conversation I will be referring to josso-1.8.1.tar.gz://dist/agents/src/josso-apache22-agent-1.8.1/mod_auth_josso/mod_auth_josso.c as mod_1.8.1 and I will be referring to https://josso.svn.sourceforge.net/svnroot/josso/josso1/branches/JOSSO_1_8_2_B/josso/agents/josso-apache22-agent/mod_auth_josso/mod_auth_josso.c as mod_1.8.2b.

We patched "mod_1.8.1" line#915 "r->unparsed_uri" in a way that appears to be very similar to "mod_1.8.2b" line#1251. The fact that changes were made in the same area and close to the same way gives me confidence that this might be fixed in version control.

Due to the number of changes in version control I will not be able to determine if this issue has been resolved until this change in version control is released.

I look forward to the next release of JOSSO.

Thanks,
Eric
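The mechanism Eric describes above, a hash lookup that returns NULL for a field absent from the request and is handed straight to a join routine that dereferences it, is shown here in a self-contained C example. It is added illustration, not code from mod_auth_josso.c or from the JOSSO project: the form table, form_lookup(), join_values() and the key name missing_key are constructed stand-ins for the agent's apr_hash_t, apr_hash_get() and apr_array_pstrcat(), the query string is the one from the report plus a repeated field, and no percent-decoding is done. The NULL check in form_value() is the guard whose absence matches the reported backtrace (arr=0x0).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the agent's "form" hash. Each key maps to a list
 * of values because a query string may repeat a field (?tag=a&tag=b).
 * Illustrative code only, not mod_auth_josso.c; no percent-decoding. */
#define MAX_ENTRIES 16
#define MAX_VALUES 8

typedef struct { char *key; char *values[MAX_VALUES]; int nvalues; } form_entry_t;
typedef struct { form_entry_t entries[MAX_ENTRIES]; int nentries; } form_t;

static char *dup_range(const char *s, size_t n) {
    char *out = malloc(n + 1);
    if (out == NULL) { perror("malloc"); exit(1); }
    memcpy(out, s, n);
    out[n] = '\0';
    return out;
}

/* Lookup by key; returns NULL for an absent key, just like apr_hash_get(). */
form_entry_t *form_lookup(form_t *form, const char *key) {
    for (int i = 0; i < form->nentries; i++)
        if (strcmp(form->entries[i].key, key) == 0) return &form->entries[i];
    return NULL;
}

/* Parse "k1=v1&k2=v2" into a freshly allocated form table. */
form_t *form_from_query(const char *query) {
    form_t *form = calloc(1, sizeof *form);
    if (form == NULL) { perror("calloc"); exit(1); }
    const char *p = query;
    while (p != NULL && *p != '\0') {
        const char *amp = strchr(p, '&');
        size_t pair_len = amp ? (size_t)(amp - p) : strlen(p);
        const char *eq = memchr(p, '=', pair_len);
        size_t key_len = eq ? (size_t)(eq - p) : pair_len;
        const char *val = eq ? eq + 1 : p + pair_len;
        size_t val_len = eq ? pair_len - key_len - 1 : 0;
        if (key_len > 0) {
            char *key = dup_range(p, key_len);
            form_entry_t *e = form_lookup(form, key);
            if (e == NULL && form->nentries < MAX_ENTRIES) {
                e = &form->entries[form->nentries++];
                e->key = key;               /* table takes ownership */
            } else {
                free(key);                  /* already present, or table full */
            }
            if (e != NULL && e->nvalues < MAX_VALUES)
                e->values[e->nvalues++] = dup_range(val, val_len);
        }
        p = amp ? amp + 1 : NULL;
    }
    return form;
}

void form_free(form_t *form) {
    for (int i = 0; i < form->nentries; i++) {
        free(form->entries[i].key);
        for (int j = 0; j < form->entries[i].nvalues; j++) free(form->entries[i].values[j]);
    }
    free(form);
}

/* Join the entry's values with sep: the analogue of apr_array_pstrcat().
 * Like the APR call it dereferences its argument unconditionally, so the
 * caller must never hand it NULL. */
char *join_values(const form_entry_t *e, char sep) {
    size_t total = 1;
    for (int i = 0; i < e->nvalues; i++) total += strlen(e->values[i]) + 1;
    char *out = malloc(total);
    if (out == NULL) { perror("malloc"); exit(1); }
    size_t pos = 0;
    for (int i = 0; i < e->nvalues; i++) {
        if (i > 0) out[pos++] = sep;
        size_t n = strlen(e->values[i]);
        memcpy(out + pos, e->values[i], n);
        pos += n;
    }
    out[pos] = '\0';
    return out;
}

/* Hardened form_value(): the NULL check between lookup and join is the guard
 * whose absence produced the reported crash. Returns NULL when the field is
 * not in the request; otherwise the caller owns the returned string. */
char *form_value(form_t *form, const char *key) {
    form_entry_t *e = form_lookup(form, key);
    if (e == NULL) return NULL;
    return join_values(e, ',');
}

/* One-shot helper: parse, look up, free the table, return the joined value. */
char *form_value_of_query(const char *query, const char *key) {
    form_t *form = form_from_query(query);
    char *v = form_value(form, key);
    form_free(form);
    return v;
}

int main(void) {
    const char *q = "String1=Value1&tag=a&tag=b";   /* constructed input */
    const char *keys[] = { "String1", "tag", "missing_key" };
    for (size_t i = 0; i < 3; i++) {
        char *v = form_value_of_query(q, keys[i]);
        printf("%s -> %s\n", keys[i], v ? v : "(absent, no crash)");
        free(v);
    }
    return 0;
}
```

Looking up "missing_key" returns NULL instead of crashing; with the check removed from form_value(), join_values() would dereference a NULL entry exactly as apr_array_pstrcat() did in the backtrace. The same guard belongs at every call site that feeds a lookup result into a routine that assumes it is non-NULL.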
Gianluca Brigandi added a comment - 14/Apr/10 6:57 PM
Please try building from the JOSSO 1.8.2 branch and follow up on whether you were able to reproduce it using this build.

Dates

  • Created: 29/Mar/10 9:44 AM
  • Updated: 20/Jul/10 7:36 AM
  • Resolved: 20/Jul/10 7:36 AM